{"id":16942147,"url":"https://github.com/samouri/chrome-incognito-storage-bug","last_synced_at":"2025-03-21T06:46:01.360Z","repository":{"id":71231746,"uuid":"313779984","full_name":"samouri/chrome-incognito-storage-bug","owner":"samouri","description":"Chrome treating differnet ports as the same origin","archived":false,"fork":false,"pushed_at":"2020-11-18T17:36:46.000Z","size":3,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-01-26T03:41:12.382Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"HTML","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/samouri.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2020-11-18T00:37:00.000Z","updated_at":"2020-11-18T17:36:48.000Z","dependencies_parsed_at":"2023-02-22T16:00:29.404Z","dependency_job_id":null,"html_url":"https://github.com/samouri/chrome-incognito-storage-bug","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/samouri%2Fchrome-incognito-storage-bug","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/samouri%2Fchrome-incognito-storage-bug/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/samouri%2Fchrome-incognito-storage-bug/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/samouri%2Fchrome-incognito-storage-bug/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/samouri","download_url":"https://codeload.github.com/samouri/chrome-incognito-storage-bug/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":244752339,"owners_count":20504254,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-10-13T21:11:11.977Z","updated_at":"2025-03-21T06:46:01.331Z","avatar_url":"https://github.com/samouri.png","language":"HTML","funding_links":[],"categories":[],"sub_categories":[],"readme":"# chrome-incognito-storage-bug\n\n- Chrome blocks crossorigin iframes from accessing `localStorage` and `sessionStorage` when in incognito mode.\n- The port is supposed to be part of what determines whether an iframe is same-origin. When accessing the same url on a different port, it should be considered crossorigin.\n- This repository shows that Chrome is allowing storage access in incognito window when using a domain that varies only in port.\n\n## To reproduce\n\n1. Map also.localhost to 127.0.0.1 in your /etc/hosts file.\n2. Run two HTTP Servers (e.g. `npx http-server`). One on port 3001 and the other on 3002.\n3. Open index.html in incognito window and check the Developer Console. The `storage.js` script prints whether or not Storage is usable.\n\n\n## Browser Results\n\n**Chrome**\n- iframe at `also.localhost` does not have access to storage.\n- iframe at `localhost:3002` (other port) *does*.\n\n**Safari**\n- both iframes have storage access\n\n**Firefox**\n- both iframes have storage access.","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsamouri%2Fchrome-incognito-storage-bug","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsamouri%2Fchrome-incognito-storage-bug","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsamouri%2Fchrome-incognito-storage-bug/lists"}